/* BGP try to connect to the peer. */
int
bgp_connect (struct peer *peer)
{
unsigned int ifindex = 0;
/* Make socket for the peer. */
peer->fd = sockunion_socket (&peer->su);
if (peer->fd < 0)
return -1;
set_nonblocking (peer->fd);
/* Set socket send buffer size */
bgp_update_sock_send_buffer_size(peer->fd);
bgp_set_socket_ttl (peer, peer->fd);
sockopt_reuseaddr (peer->fd);
sockopt_reuseport (peer->fd);
#ifdef IPTOS_PREC_INTERNETCONTROL
if (bgpd_privs.change (ZPRIVS_RAISE))
zlog_err ("%s: could not raise privs", __func__);
if (sockunion_family (&peer->su) == AF_INET)
setsockopt_ipv4_tos (peer->fd, IPTOS_PREC_INTERNETCONTROL);
# ifdef HAVE_IPV6
else if (sockunion_family (&peer->su) == AF_INET6)
setsockopt_ipv6_tclass (peer->fd, IPTOS_PREC_INTERNETCONTROL);
# endif
if (bgpd_privs.change (ZPRIVS_LOWER))
zlog_err ("%s: could not lower privs", __func__);
#endif
if (peer->password)
bgp_md5_set_connect (peer->fd, &peer->su, peer->password);
/* Bind socket. */
bgp_bind (peer);
/* Update source bind. */
bgp_update_source (peer);
#ifdef HAVE_IPV6
if (peer->ifname)
ifindex = if_nametoindex (peer->ifname);
#endif /* HAVE_IPV6 */
if (BGP_DEBUG (events, EVENTS))
plog_debug (peer->log, "%s [Event] Connect start to %s fd %d",
peer->host, peer->host, peer->fd);
/* Connect to the remote peer. */
return sockunion_connect (peer->fd, &peer->su, htons (peer->port), ifindex);
}
/* BGP try to connect to the peer. */
int
bgp_connect (struct peer *peer)
{
unsigned int ifindex = 0;
/* Make socket for the peer. */
peer->fd = sockunion_socket (&peer->su);
if (peer->fd < 0)
return -1;
/* If we can get socket for the peer, adjest TTL and make connection. */
if (peer->sort == BGP_PEER_EBGP) {
sockopt_ttl (peer->su.sa.sa_family, peer->fd, peer->ttl);
if (peer->gtsm_hops)
sockopt_minttl (peer->su.sa.sa_family, peer->fd, MAXTTL + 1 - peer->gtsm_hops);
}
sockopt_reuseaddr (peer->fd);
sockopt_reuseport (peer->fd);
#ifdef IPTOS_PREC_INTERNETCONTROL
if (bgpd_privs.change (ZPRIVS_RAISE))
zlog_err ("%s: could not raise privs", __func__);
if (sockunion_family (&peer->su) == AF_INET)
setsockopt_ipv4_tos (peer->fd, IPTOS_PREC_INTERNETCONTROL);
# ifdef HAVE_IPV6
else if (sockunion_family (&peer->su) == AF_INET6)
setsockopt_ipv6_tclass (peer->fd, IPTOS_PREC_INTERNETCONTROL);
# endif
if (bgpd_privs.change (ZPRIVS_LOWER))
zlog_err ("%s: could not lower privs", __func__);
#endif
if (peer->password)
bgp_md5_set_connect (peer->fd, &peer->su, peer->password);
/* Bind socket. */
bgp_bind (peer);
/* Update source bind. */
bgp_update_source (peer);
#ifdef HAVE_IPV6
if (peer->ifname)
ifindex = if_nametoindex (peer->ifname);
#endif /* HAVE_IPV6 */
if (BGP_DEBUG (events, EVENTS))
plog_debug (peer->log, "%s [Event] Connect start to %s fd %d",
peer->host, peer->host, peer->fd);
/* Connect to the remote peer. */
return sockunion_connect (peer->fd, &peer->su, htons (peer->port), ifindex);
}
static int
bgp_listener (int sock, struct sockaddr *sa, socklen_t salen)
{
struct bgp_listener *listener;
int ret, en;
sockopt_reuseaddr (sock);
sockopt_reuseport (sock);
#ifdef IPTOS_PREC_INTERNETCONTROL
if (sa->sa_family == AF_INET)
setsockopt_ipv4_tos (sock, IPTOS_PREC_INTERNETCONTROL);
#endif
#ifdef IPV6_V6ONLY
/* Want only IPV6 on ipv6 socket (not mapped addresses) */
if (sa->sa_family == AF_INET6) {
int on = 1;
setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY,
(void *) &on, sizeof (on));
}
#endif
if (bgpd_privs.change (ZPRIVS_RAISE) )
zlog_err ("bgp_socket: could not raise privs");
ret = bind (sock, sa, salen);
en = errno;
if (bgpd_privs.change (ZPRIVS_LOWER) )
zlog_err ("bgp_bind_address: could not lower privs");
if (ret < 0)
{
zlog_err ("bind: %s", safe_strerror (en));
return ret;
}
ret = listen (sock, 3);
if (ret < 0)
{
zlog_err ("listen: %s", safe_strerror (errno));
return ret;
}
listener = XMALLOC (MTYPE_BGP_LISTENER, sizeof(*listener));
listener->fd = sock;
memcpy(&listener->su, sa, salen);
listener->thread = thread_add_read (master, bgp_accept, listener, sock);
listnode_add (bm->listen_sockets, listener);
return 0;
}
static int bgp_listener(int sock, struct sockaddr *sa, socklen_t salen,
struct bgp *bgp)
{
struct bgp_listener *listener;
int ret, en;
sockopt_reuseaddr(sock);
sockopt_reuseport(sock);
frr_elevate_privs(&bgpd_privs) {
#ifdef IPTOS_PREC_INTERNETCONTROL
if (sa->sa_family == AF_INET)
setsockopt_ipv4_tos(sock, IPTOS_PREC_INTERNETCONTROL);
else if (sa->sa_family == AF_INET6)
setsockopt_ipv6_tclass(sock,
IPTOS_PREC_INTERNETCONTROL);
#endif
sockopt_v6only(sa->sa_family, sock);
ret = bind(sock, sa, salen);
en = errno;
}
if (ret < 0) {
flog_err_sys(EC_LIB_SOCKET, "bind: %s", safe_strerror(en));
return ret;
}
ret = listen(sock, SOMAXCONN);
if (ret < 0) {
flog_err_sys(EC_LIB_SOCKET, "listen: %s", safe_strerror(errno));
return ret;
}
listener = XCALLOC(MTYPE_BGP_LISTENER, sizeof(*listener));
listener->fd = sock;
/* this socket needs a change of ns. record bgp back pointer */
if (bgp->vrf_id != VRF_DEFAULT && vrf_is_backend_netns())
listener->bgp = bgp;
memcpy(&listener->su, sa, salen);
listener->thread = NULL;
thread_add_read(bm->master, bgp_accept, listener, sock,
&listener->thread);
listnode_add(bm->listen_sockets, listener);
return 0;
}
static int
bgp_listener (int sock, struct sockaddr *sa, socklen_t salen)
{
struct bgp_listener *listener;
int ret, en;
sockopt_reuseaddr (sock);
sockopt_reuseport (sock);
if (bgpd_privs.change (ZPRIVS_RAISE))
zlog_err ("%s: could not raise privs", __func__);
#ifdef IPTOS_PREC_INTERNETCONTROL
if (sa->sa_family == AF_INET)
setsockopt_ipv4_tos (sock, IPTOS_PREC_INTERNETCONTROL);
# ifdef HAVE_IPV6
else if (sa->sa_family == AF_INET6)
setsockopt_ipv6_tclass (sock, IPTOS_PREC_INTERNETCONTROL);
# endif
#endif
sockopt_v6only (sa->sa_family, sock);
ret = bind (sock, sa, salen);
en = errno;
if (bgpd_privs.change (ZPRIVS_LOWER))
zlog_err ("%s: could not lower privs", __func__);
if (ret < 0)
{
zlog_err ("bind: %s", safe_strerror (en));
return ret;
}
ret = listen (sock, 3);
if (ret < 0)
{
zlog_err ("listen: %s", safe_strerror (errno));
return ret;
}
listener = XMALLOC (MTYPE_BGP_LISTENER, sizeof(*listener));
listener->fd = sock;
memcpy(&listener->su, sa, salen);
listener->thread = thread_add_read (master, bgp_accept, listener, sock);
listnode_add (bm->listen_sockets, listener);
return 0;
}
static int ext_client_bgp_listener(struct ext_client_bgp * ext_client_bgp, int sock, struct sockaddr * sa, socklen_t salen)
{
struct bgp_listener *listener;
int ret, en;
sockopt_reuseaddr (sock);
sockopt_reuseport (sock);
#ifdef IPTOS_PREC_INTERNETCONTROL
if (sa->sa_family == AF_INET)
setsockopt_ipv4_tos (sock, IPTOS_PREC_INTERNETCONTROL);
#endif
#ifdef IPV6_V6ONLY
/* Want only IPV6 on ipv6 socket (not mapped addresses) */
if (sa->sa_family == AF_INET6) {
int on = 1;
setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY,
(void *) &on, sizeof (on));
}
#endif
ret = bind (sock, sa, salen);
if (ret < 0)
{
printf ("bind: %s", strerror (en));
return ret;
}
ret = listen (sock, 3);
if (ret < 0)
{
printf("listen: %s", strerror (errno));
return ret;
}
listener = calloc(1, sizeof(struct bgp_listener));
listener->accept_fd = sock;
listener->peer_fd = -1;
memcpy(&listener->su, sa, salen);
ext_client_bgp_event(EXT_CLIENT_BGP_ACCEPT, ext_client_bgp, listener);
list_push_back(&ext_client_bgp->listen_sockets, &listener->node);
return 0;
}
int ospf_sock_init (int packet_flag)
{
int ospf_sock;
int ret, hincl = 1;
int ospf_hello = OSPF_IP_HELLO_PACKET;
int ospf_other = OSPF_IP_OTHER_PACKET;
ospf_sock = socket (AF_INET, SOCK_RAW, IPPROTO_OSPFIGP);
if (ospf_sock < 0)
{
int save_errno = errno;
zlog_err ("ospf_read_sock_init: socket: %s", safe_strerror (save_errno));
exit(1);
}
#ifdef IP_HDRINCL
/* we will include IP header with packet */
ret = setsockopt (ospf_sock, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof (hincl));
if (ret < 0)
{
int save_errno = errno;
zlog_warn ("Can't set IP_HDRINCL option for fd %d: %s",
ospf_sock, safe_strerror(save_errno));
}
#elif defined (IPTOS_PREC_INTERNETCONTROL)
#warning "IP_HDRINCL not available on this system"
#warning "using IPTOS_PREC_INTERNETCONTROL"
ret = setsockopt_ipv4_tos(ospf_sock, IPTOS_PREC_INTERNETCONTROL);
if (ret < 0)
{
int save_errno = errno;
zlog_warn ("can't set sockopt IP_TOS %d to socket %d: %s",
tos, ospf_sock, safe_strerror(save_errno));
close (ospf_sock); /* Prevent sd leak. */
return ret;
}
#else /* !IPTOS_PREC_INTERNETCONTROL */
#warning "IP_HDRINCL not available, nor is IPTOS_PREC_INTERNETCONTROL"
zlog_warn ("IP_HDRINCL option not available");
#endif /* IP_HDRINCL */
ret = setsockopt_ifindex (AF_INET, ospf_sock, 1);
if (ret < 0)
{
zlog_warn ("Can't set pktinfo option for fd %d", ospf_sock);
}
ret = setsockopt_so_recvbuf (ospf_sock, OSPF_PACKET_RECV_BUFFLEN);
if (ret < 0)
{
zlog_warn ("Can't set SO_RCVBUF %d to socket %d",
OSPF_PACKET_RECV_BUFFLEN, ospf_sock);
}
if(packet_flag == OSPF_IP_HELLO_PACKET)
{
set_nonblocking(ospf_sock);
setsockopt (ospf_sock, SOL_SOCKET, SO_SET_OSPF_FILTER, &ospf_hello, sizeof (ospf_hello));
}
if(packet_flag == OSPF_IP_OTHER_PACKET)
{
set_nonblocking(ospf_sock);
setsockopt (ospf_sock, SOL_SOCKET, SO_SET_OSPF_FILTER, &ospf_other, sizeof (ospf_hello));
}
return ospf_sock;
}
/* BGP try to connect to the peer. */
int bgp_connect(struct peer *peer)
{
assert(!CHECK_FLAG(peer->thread_flags, PEER_THREAD_WRITES_ON));
assert(!CHECK_FLAG(peer->thread_flags, PEER_THREAD_READS_ON));
ifindex_t ifindex = 0;
if (peer->conf_if && BGP_PEER_SU_UNSPEC(peer)) {
zlog_debug("Peer address not learnt: Returning from connect");
return 0;
}
frr_elevate_privs(&bgpd_privs) {
/* Make socket for the peer. */
peer->fd = vrf_sockunion_socket(&peer->su, peer->bgp->vrf_id,
bgp_get_bound_name(peer));
}
if (peer->fd < 0)
return -1;
set_nonblocking(peer->fd);
/* Set socket send buffer size */
setsockopt_so_sendbuf(peer->fd, BGP_SOCKET_SNDBUF_SIZE);
if (bgp_set_socket_ttl(peer, peer->fd) < 0)
return -1;
sockopt_reuseaddr(peer->fd);
sockopt_reuseport(peer->fd);
#ifdef IPTOS_PREC_INTERNETCONTROL
frr_elevate_privs(&bgpd_privs) {
if (sockunion_family(&peer->su) == AF_INET)
setsockopt_ipv4_tos(peer->fd,
IPTOS_PREC_INTERNETCONTROL);
else if (sockunion_family(&peer->su) == AF_INET6)
setsockopt_ipv6_tclass(peer->fd,
IPTOS_PREC_INTERNETCONTROL);
}
#endif
if (peer->password) {
uint16_t prefixlen = peer->su.sa.sa_family == AF_INET
? IPV4_MAX_PREFIXLEN
: IPV6_MAX_PREFIXLEN;
bgp_md5_set_connect(peer->fd, &peer->su, prefixlen,
peer->password);
}
/* Update source bind. */
if (bgp_update_source(peer) < 0) {
return connect_error;
}
if (peer->conf_if || peer->ifname)
ifindex = ifname2ifindex(peer->conf_if ? peer->conf_if
: peer->ifname,
peer->bgp->vrf_id);
if (bgp_debug_neighbor_events(peer))
zlog_debug("%s [Event] Connect start to %s fd %d", peer->host,
peer->host, peer->fd);
/* Connect to the remote peer. */
return sockunion_connect(peer->fd, &peer->su, htons(peer->port),
ifindex);
}
/* BGP try to connect to the peer. */
int bgp_connect (struct peer *peer)
{
printf("\n BGP CONNECT: I am in BGP Connect\n");
unsigned int ifindex = 0;
/*setting up TLS for a second*/
printf("\n BGP CONNECT: I am just about to initialise SSL\n");
ssl_init(); //initialise the library, method, contact of ssl session, returns nothing
if(BGPTLS.psCTX==NULL)
{
printf("\n BGP CONNECT: There is no entry in the .psCTX pointer \n");
}
else
{
printf("\n BGP CONNECT: There is an entry in the .psCTX pointer, it is %i \n", BGPTLS_sess_server.psCTX);
}
printf("\n BGP CONNECT: There is an entry in the .psCTX pointer: ");
printf("%i \n", BGPTLS.psCTX);
/*if (SSL_CTX_use_certificate_chain_file(BGPTLS_sess_server.psCTX,"/usr/home/dugald/subcert.pem")!=1)
{
printf("Error loading certificate from file");
}
else
{
printf("Certificate has loaded correctly");
} */
/* Make socket for the peer. */
printf("BGP CONNECT: Here's sockets");
peer->fd = sockunion_socket (&peer->su);
SSL_connect(BGPTLS->ssl);
if (peer->fd < 0)
return -1;
/* If we can get socket for the peer, adjest TTL and make connection. */
if (peer->sort == BGP_PEER_EBGP)
{
sockopt_ttl (peer->su.sa.sa_family, peer->fd, peer->ttl);
if (peer->gtsm_hops)
sockopt_minttl (peer->su.sa.sa_family, peer->fd, MAXTTL + 1 - peer->gtsm_hops);
}
sockopt_reuseaddr (peer->fd);
sockopt_reuseport (peer->fd);
#ifdef IPTOS_PREC_INTERNETCONTROL
if (bgpd_privs.change (ZPRIVS_RAISE))
zlog_err ("%s: could not raise privs", __func__);
if (sockunion_family (&peer->su) == AF_INET)
setsockopt_ipv4_tos (peer->fd, IPTOS_PREC_INTERNETCONTROL);
# ifdef HAVE_IPV6
else if (sockunion_family (&peer->su) == AF_INET6)
setsockopt_ipv6_tclass (peer->fd, IPTOS_PREC_INTERNETCONTROL);
# endif
if (bgpd_privs.change (ZPRIVS_LOWER))
zlog_err ("%s: could not lower privs", __func__);
#endif
if (peer->password)
bgp_md5_set_connect (peer->fd, &peer->su, peer->password);
/* Bind socket. */
//bgp_bind (peer);
/* Update source bind. */
//bgp_update_source (peer);
#ifdef HAVE_IPV6
if (peer->ifname)
ifindex = if_nametoindex (peer->ifname);
#endif /* HAVE_IPV6 */
if (BGP_DEBUG (events, EVENTS))
plog_debug (peer->log, "%s [Event] Connect start to %s fd %d", peer->host, peer->host, peer->fd);
/* Connect to the remote peer. */
return sockunion_connect (peer->fd, &peer->su, htons (peer->port), ifindex);
}
